A simple username and password checking script?

I'm trying to make it so that if you wanted to make a new post on the news or events section you had to be one of the members allowed to do so.

Also I was wonder if it was possible that when you click on a text hyperlink if you could replace variables in a div /div tag and change customization properties of another div tag.

Example. I have 4 tabs(div) labeled News01 - News 04 and a main display div. If News 01 is currently the highlighted tab and I click on the "News03" text is it possible for it to change variables in the display window so that the variable $news01 then becomes $news03 (which would then display the information under $news03) without changing the actual .php file. Also can I change the News01 tab to unhighlighted and highlight the News03 tab? (By changing the background color of the Div.

Sorry if this is confusing. If you don't understand my jibberish just answer if it is possible to change variables on a page just by clicking on text or an image without changing the actual .php file.

Thanks a lot guys. Peace.

    This is a script I use:

    <?php
    
    if (isset($HTTP_POST_VARS[submit])) 
    	{
    include ("db.php");
    if ($HTTP_POST_VARS[username] AND $HTTP_POST_VARS[password]) 
           {  Check the submitted info.
    
    $query = "SELECT * FROM user_table WHERE username='$HTTP_POST_VARS[username]'";
    $query_result = mysql_query ($query) or die (mysql_error());
    $result = @mysql_fetch_array ($query_result);
    if ($result[password]!="")
    		{
    if ($HTTP_POST_VARS[password] == $result[password]) 
    		 					{
    
    // If a session already exist, destroy it
    
    if(isset($_COOKIE[session_name()]))
    						{
    session_start(); // To be able to use session_destroy
    session_destroy(); // To delete the old session file
    unset($_COOKIE[session_name()]);
    							}
    session_start();
    $_SESSION[username]=$result[username];
    
    	} 
    					}
    
    else {
    $message = urlencode ("The username and password submitted do not match those on file. Please try again.");
    
    header ("location: login.php?greeting=$message");
    	}
    	}
     else {
    $message = urlencode ("Please enter your username and password to log in.");
    
    header ("location: login.php?greeting=$message");
    
    		}
    exit;
    		 }
    session_start();
    if ($_SESSION[username]=="")
    {
    
    echo "<br><br><br><br><center><font size=+3 color=#B13D22>User Login</font><br><br><br>
     <table width=400 bgcolor=#eeeeee cellpadding=6 cellspacing=1>
        <form name=admin method=post action=$PHP_SELF>
           <TR> 
            <TD bgcolor=\"#ffffff\" align=\"right\"><font class=\"font14\">User Name</font></td>
            <TD bgcolor=\"#ffffff\"><INPUT TYPE=\"text\" NAME=\"username\" SIZE=\"15\"></td></tr>
          <TR> 
            <TD bgcolor=\"#ffffff\" align=right><font class=font14>Password</font> </td>
            <TD bgcolor=\"#ffffff\"><INPUT TYPE=\"password\" NAME=\"password\" SIZE=\"10\"></td></tr>
    			<TR>
            <TD bgcolor=\"#ffffff\"></td>
            <TD bgcolor=\"#ffffff\"><INPUT TYPE=\"SUBMIT\" NAME=\"submit\" VALUE=\"Log in\"></td></tr>
    		   </form>
    	</TABLE>";
    	echo "<p align=center><font color=red>$greeting</font></p>";//This prints the warning message.
    }
    else {
    
    header ("location: index.php");}
    	?>
    
    

      Thanks for the script. I notice though in it it has includes and references .php documents. What are they for and do I need them?

        Not really. But you do need something (I use db.php) to connect to database.

          That's the Database file created by MySQL right? Would that hold the information the code would check the submitted information against?

            Looks like you are really new to php and database. I guess you don't even have a database and table for users. You need to design a user table first before you use the script.

            db.php is for connection only, and does not hold any data. It looks like this:

            <?php
            $dbhost = "localhost";
            $dbuname = "your username";
            $dbpass = "your passowrd";
            $dbname = "your database name";
            mysql_connect($dbhost, $dbuname, $dbpass);
            @mysql_select_db("$dbname") or die ("Unable to select database");
            ?>
            

            If you look back at the script in above post, those $querys are for getting info from database, and the info checked against submitted data.

              Extremely new. Sorry.

              I haven't installed MySQL yet. I was trying to use a PHP script without having having to call for the info from a database.

              OK, So I'd have to create one of those tables for every user I wanted to be able to have access to a certain page or action?

              Then I could name it user01.php and in the line:

              $query = "SELECT * FROM user_table WHERE username='$HTTP_POST_VARS[username]'";
              

              I would replace [username] with [user01.php]

              Or is that still wrong? :p

              Haha thanks for your paitence.

                There are text-file based "database" methods, but I think you should try mysql database as a practice. Here is what you should do for your database:

                1. Create a database (now you have database name. You need to find out your username, and password. If you are using phptriad for windows, your default username is root, and nothing for password)
                2. Create a table within the database (let's call it "user")
                3. Add necessary fields to it, e.g., user_id, username, password, email

                You don't create a table for each user. Each user has an entry (row) in the table with unique user_id and username. You don't replace username with user0.php. Replace user_table with user.

                Originally posted by subkida
                Extremely new. Sorry.

                I haven't installed MySQL yet. I was trying to use a PHP script without having having to call for the info from a database.

                OK, So I'd have to create one of those tables for every user I wanted to be able to have access to a certain page or action?

                Then I could name it user01.php and in the line:

                $query = "SELECT * FROM user_table WHERE username='$HTTP_POST_VARS[username]'";
                

                I would replace [username] with [user01.php]

                Or is that still wrong? :p

                Haha thanks for your paitence. [/B]

                  OK, sounds like a plan.

                  Ok last round of questions promise. 😉 (That is until I screw it up and come back crying. :p )

                  So once I've installed MySQL I create a databse file called db.php that looks like the one above (or is it already created and I just need to fill in the appropriate information?)

                  Then I create a user table (is that a .php file or something else within the database?) with a password field (It's going to be a universal password because there will only be two of us who can make new posts, delete and/or edit them. So I don't need an e-mail or username etc.) Or should I just use the username field anyway because it's already in that code?

                  Then I change user_table with whatever the name of my table is in that. Code. Is there anything else I would have to adjust/omit because I am only checking for a password.

                  Lastly can I add HTML code to that? Basically I want the password check form on the same page as the post, delete and edit forms. So this way once they fill out all the new post fields etc. they hit submit, it checks the password, if correct it makes the new post, deletes, etc., if wrong it takes them back to the form/password page.

                  Thanks a lot man. I appreciate the help. Peace.

                    Q: So once I've installed MySQL I create a databse file called db.php that looks like the one above (or is it already created and I just need to fill in the appropriate information?)

                    A: Once again, db.php (or you may call it connection.php) is not a database or database file. It is just for database connection purpose. You can insert the script to where I include db.php.

                    Q. Then I create a user table (is that a .php file or something else within the database?)

                    A: Oh, boy! I am not going to explain to you now. Go ahead and create a database and table. See it yourself. It is definitely not a php file!

                    Q: (table) with a password field (It's going to be a universal password because there will only be two of us who can make new posts, delete and/or edit them. So I don't need an e-mail or username etc.) Or should I just use the username field anyway because it's already in that code?

                    A: One field is Ok but two (username and password) is secure.

                    Q: Then I change user_table with whatever the name of my table is in that. Code. Is there anything else I would have to adjust/omit because I am only checking for a password.

                    A: No.

                    Q: Lastly can I add HTML code to that? Basically I want the password check form on the same page as the post, delete and edit forms. So this way once they fill out all the new post fields etc. they hit submit, it checks the password, if correct it makes the new post, deletes, etc., if wrong it takes them back to the form/password page.

                    A: If you use the same field names (username and password) in the database table, you don't need to chang anything except the table name. The script should work for you.

                    Good luck

                      Write a Reply...